Among the new requirements of the European Union’s General Data Protection Regulation are the mandatory data protection impact assessments enshrined in Article 35. DPIAs are designed to evaluate processing practices, assess the necessity and proportionality of processing, and assist in managing risks to data subjects — essentially, to measure and demonstrate compliance with the GDPR. The penalties for non-compliance in fulfilling DPIA requirements are severe. Violations can result in administrative fines of up to 10 million euros or up to 2 percent of the organization’s total worldwide annual turnover for the preceding financial year. To provide details on how and when DPIAs should be done, the Article 29 Working Party has released proposed guidelines, which IAPP Westin Fellow Calli Schroeder, CIPP/US, CIPM, summarizes in this post for Privacy Tracker. You have until May 23 to weigh in.